WP-Safety

Social Login by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/social-login-bws

Add social media login, registration, and commenting to your WordPress website.

90 active installs v1.4.5 PHP + WP 5.6.2+ Updated Jun 12, 2025
google-loginregistrationsocial-connectsocial-loginsocial-networks
100
A · Safe
CVEs total1
Unpatched0
Last CVEApr 12, 2017
Plugin page Download
Safety Verdict

Is Social Login by BestWebSoft Safe to Use in 2026?

Generally Safe

Score 100/100

Social Login by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 12, 2017Updated 9mo ago
Risk Assessment

The social-login-bws plugin exhibits a generally strong security posture, with a high percentage of properly escaped outputs and a robust implementation of nonce and capability checks across its identified entry points. The absence of unpatched CVEs and the presence of only one medium severity vulnerability in its history, which is also patched, are positive indicators. Furthermore, the fact that all four AJAX handlers have authentication checks significantly reduces the risk of unauthorized actions through these endpoints.

However, the presence of the `unserialize` function poses a notable risk. If this function is used with unsanitized user-supplied input, it can lead to remote code execution vulnerabilities. While the taint analysis did not reveal critical or high severity flows, the potential for such issues with `unserialize` should not be overlooked. The plugin also makes several external HTTP requests, which could be a vector for various attacks if not handled securely, although the analysis doesn't specifically highlight any unsanitized external requests.

Overall, the plugin is well-protected against common web vulnerabilities with good coding practices in place. The main area of concern lies with the `unserialize` function, which, despite not currently showing exploitable taint flows, represents a latent risk. The historical vulnerability pattern suggests the developer has addressed past issues promptly, which is a positive sign for future maintenance.

Key Concerns

  • Dangerous function: unserialize used
  • 50% of SQL queries not using prepared statements
  • 4 flows with unsanitized paths (taint analysis)
  • Bundled library: Guzzle (potential for outdated versions)
Vulnerabilities
1

Social Login by BestWebSoft Security Vulnerabilities

CVEs by Year

1 CVE in 2017
2017
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2017-18501medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Social Login by BestWebSoft <= 0.1 - Multiple Cross-Site Scripting

Apr 12, 2017 Patched in 0.2 (2477d)
Code Analysis
Analyzed Mar 16, 2026

Social Login by BestWebSoft Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
2 prepared
Unescaped Output
31
527 escaped
Nonce Checks
21
Capability Checks
3
File Operations
8
External Requests
9
Bundled Libraries
1

Dangerous Functions Found

unserialize$value = unserialize($value['lateObject']);includes\hybrid\Storage\Session.php:63

Bundled Libraries

Guzzle

SQL Query Safety

50% prepared4 total queries

Output Escaping

94% escaped558 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

12 flows4 with unsanitized paths
log (includes\hybrid\Logger\Logger.php:118)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Social Login by BestWebSoft Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 4

authwp_ajax_bws_submit_request_feature_actionbws_menu\class-bws-settings.php:1466
authwp_ajax_bws_submit_uninstall_reason_actionbws_menu\deactivation-form.php:433
authwp_ajax_scllgn_remembersocial-login-bws.php:1523
noprivwp_ajax_scllgn_remembersocial-login-bws.php:1524
WordPress Hooks 44
filterload_textdomain_mofilebws_menu\bws_functions.php:43
filtermce_external_pluginsbws_menu\bws_functions.php:1146
filtermce_buttonsbws_menu\bws_functions.php:1147
actionadmin_initbws_menu\bws_functions.php:1433
actionadmin_enqueue_scriptsbws_menu\bws_functions.php:1434
actionadmin_headbws_menu\bws_functions.php:1435
actionadmin_footerbws_menu\bws_functions.php:1436
actionadmin_noticesbws_menu\bws_functions.php:1438
actionwp_enqueue_scriptsbws_menu\bws_functions.php:1440
filterregistration_errorssocial-login-bws.php:110
filterwpmu_validate_user_signupsocial-login-bws.php:112
filterwpmu_validate_blog_signupsocial-login-bws.php:113
filterwp_get_current_commentersocial-login-bws.php:363
actionadmin_menusocial-login-bws.php:1476
actionplugins_loadedsocial-login-bws.php:1477
actioninitsocial-login-bws.php:1478
actionadmin_initsocial-login-bws.php:1479
actionadmin_enqueue_scriptssocial-login-bws.php:1482
filterplugin_action_linkssocial-login-bws.php:1484
filterplugin_row_metasocial-login-bws.php:1485
actionadmin_noticessocial-login-bws.php:1487
actionlogin_formsocial-login-bws.php:1489
filterlogin_messagesocial-login-bws.php:1490
filterscllgn_get_user_filtersocial-login-bws.php:1491
filterscllgn_get_user_emailsocial-login-bws.php:1492
filtersbscrbr_get_user_emailsocial-login-bws.php:1493
actionregister_formsocial-login-bws.php:1494
actionsignup_extra_fieldssocial-login-bws.php:1496
actioncomment_form_topsocial-login-bws.php:1497
actionscllgn_login_formsocial-login-bws.php:1498
actionscllgn_register_formsocial-login-bws.php:1499
actionscllgn_comment_formsocial-login-bws.php:1500
actionscllgn_display_all_buttonssocial-login-bws.php:1501
actionwp_enqueue_scriptssocial-login-bws.php:1504
actionlogin_enqueue_scriptssocial-login-bws.php:1505
filterallowed_redirect_hostssocial-login-bws.php:1506
actionsignup_extra_fieldssocial-login-bws.php:1508
actionsignup_extra_fieldssocial-login-bws.php:1509
filterbody_classsocial-login-bws.php:1512
actionshow_user_profilesocial-login-bws.php:1515
actionedit_user_profilesocial-login-bws.php:1516
actionedit_user_profile_updatesocial-login-bws.php:1518
actionpersonal_options_updatesocial-login-bws.php:1519
actionuser_profile_update_errorssocial-login-bws.php:1520
Maintenance & Trust

Social Login by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 12, 2025
PHP min version
Downloads10K

Community Trust

Rating100/100
Number of ratings2
Active installs90
Alternatives

Social Login by BestWebSoft Alternatives

UsersWP – Social Login

UsersWP – Social Login

userswp-social-login

A
100

Social Login addon for UsersWP.

2K No CVEs
Happy Social Login

Happy Social Login

happy-social-login

A
92

Enables user authentication through various social media accounts. Login through Google, Facebook, LinkedIn, GitHub and more.

100 No CVEs
Rundiz OAuth

Rundiz OAuth

okv-oauth

A
100

Use OAuth such as Google, LINE to login and register.

10 No CVEs
Wapu Auth – Google Social Login for WordPress & WooCommerce

Wapu Auth – Google Social Login for WordPress & WooCommerce

wapu-auth-social-login

A
100

Google Social Login for WordPress & WooCommerce -- free. Let users register and login with their Google account in one click. No passwords, no forms.

0 No CVEs
Ninja Forms – The Contact Form Builder That Grows With You

Ninja Forms – The Contact Form Builder That Grows With You

ninja-forms

B
76

The 100% beginner friendly WordPress form builder. Drag & drop form fields to build beautiful, professional contact forms in minutes.

600K 74 CVEs
Developer Profile

Social Login by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
1944 days
View full developer profile
Detection Fingerprints

How We Detect Social Login by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/social-login-bws/assets/css/social-login-bws.css/wp-content/plugins/social-login-bws/assets/js/social-login-bws.js
Script Paths
/wp-content/plugins/social-login-bws/assets/js/social-login-bws.js
Version Parameters
social-login-bws/assets/css/social-login-bws.css?ver=social-login-bws/assets/js/social-login-bws.js?ver=

HTML / DOM Fingerprints

CSS Classes
bws-social-login
HTML Comments
© Copyright 2021 BestWebSoft ( https://support.bestwebsoft.com )This program is free software; you can redistribute it and/or modifyThis program is distributed in the hope that it will be useful,You should have received a copy of the GNU General Public License+17 more
Data Attributes
data-button-colordata-button-sizedata-button-shapedata-button-text
JS Globals
scllgn_options
Shortcode Output
[social_login]
FAQ

Frequently Asked Questions about Social Login by BestWebSoft